Geek Answers Handbook

Installing a Subscriber to a Install Shield Digital Installation

Recently, I was offered a VB.NET project to fix some errors and create an installer for it. I was told to use Install Shield LE.

Everything went well with the creation of the installation script, but Windows 8 gives me a warning about the smart screen when downloading the application from the website and trying to install it.

I know the policy of Windows 8, where popular applications get more β€œtrust points” and become popular, but the application is intended for a fairly small audience of people, so we can not rely on this option. Moreover, people without proper knowledge will be repelled by a warning message, and this may cause MS to never increase trust in the application.

My question is: do I need to sign both the application and the installer with the certificate? If so, how can I sign the installer, since there is a signing tab for the project, but I can not find it for the installer.

Bonus points if someone tells me that if getting the proper certificate will remove the warning message message , this is not a normally downloadable file and can be dangerous from chrome / IE when loading the application. I know this is a lot of threads, but most of them offer to add the site to the tools for webmasters, but this did not help, and we still get the message

Thanks.

+4
source share
2 answers

If I read your message correctly, you are talking about an application, not a website, and for this you will need a code signing certificate. The certificates that sign the sites are different from each other, so first of all decide what you create and want to sign.

Having decided that then you need to decide who you will use to provide your certificate. Typical sources would be VeriSign, Thwaite or Globalsign, to name just three. Everyone charges different prices, but essentially they do the same.

After you have the certificate, the installer that you use to create your application signs the code files you selected and the actual installer (msi or exe).

This should eliminate the message that you now see, warning people about the potentially dangerous files they are about to download.

I cannot stress enough that you need to clearly indicate what type of certificate you need before moving on and buying it. I think that from your description you are talking about a code signing certificate, but check first.

0
source

Following the rules of the CAB forum, you will need to sign up for an extended verification code to bypass the smart screen filter.

Signing an extended verification code establishes immediate trust in the machine as you go through a more rigorous verification process to receive it! (or at least the rationale for this!)

I think you can get the extended verification code signature code from SYmantec or GLobalsign.

0
source

More articles:


All Articles